A large majority of responding security professionals fail to measure and communicate security assurance within their organisations, and are therefore unable to connect cyber security to achieving strategic business objectives for board members and senior executives. That’s according to a survey by Tenable Network Security, Inc, an IT security product company
Survey data from 250 IT security professionals collected during the Infosecurity Europe 2016 event in London in the summer suggested that 89 percent of respondents fail to use security metrics to prove the value of cyber security to the organisation.
Gavin Millard, EMEA technical director, Tenable Network Security, aid: “Organisations are allocating extensive budgets and resources to cyber security defences at present, but protecting customer data is just one of many returns that this investment can deliver. Security teams need to collect, but more importantly share, SMART (Specific, Measureable, Actionable, Relevant, and Timely) security metrics, to guide the organisation’s decision-making process and drive actions. Businesses invest in what they understand, clear and concise data on the security posture is a ‘must do’ to ensure the security budget is available to protect organisations sufficiently.”
Some 31 percent of security people surveyed said they do some measurement of security assurance, but admitted to sharing metrics only within the IT department. More than 12 percent of respondents confessed to not using any security metrics at all.
Millard added: “Security professionals are delivering great results for their organisations day in and day out. Every malware infection identified and eradicated, every policy violation corrected, every critical patch deployed in a timely manner, all demonstrate how effective the teams are, yet business leaders are not being informed. Security pros surely get their fair share of blame when things go wrong, so it’s to their advantage to also communicate success and improvements about their organisation’s security posture to the C-Suite.” To download the details, visit https://www.tenable.com/whitepapers.
